Malware Analysis Report

2024-11-30 04:08

Sample ID 240408-bh8y9acc65
Target c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f
SHA256 c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f

Threat Level: Known bad

The file c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 01:09

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 01:09

Reported

2024-04-08 01:12

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1440 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe
PID 2912 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe
PID 1440 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

Network

Country Destination Domain Proto

Files

memory/1440-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian beastiality xxx public glans .zip.exe

MD5 d5d3575d46d8b20c33ea99721807a951
SHA1 740f445ae2205023eca33b761ea2c8cf80740b14
SHA256 add7186e7cd70782cf0c4a69b3ebe9b5a3a5c76a1c5f26fc6d9f9ef3fd3cc8c2
SHA512 a5c2da9cc3a6b3201c3fb0db884402457c4ee2c933f00a7394e81417c6c1404e8485031fb2d17ac549c4f66a199cfa37a2831598246e1be45ce9848a2ec105ec

C:\debug.txt

MD5 36456751e8251a2e5cbc0a1e3763eb5a
SHA1 47d9ac35137c9270e0da4f0156d83d596c2ee99a
SHA256 c27d35e3ad7b089405c0be93df35c8f6e8e12bacb1e1a51444f3851c0715c48e
SHA512 f707e934e63a08f485af24f38775adcceb670c171de676d7b859fe2a9fc9f5c85a94ae9001bc1a74094c11939b2a9d7d0ec763033a27e0b8d9e8311d5bde6d10

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 01:09

Reported

2024-04-08 01:12

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A

Enumerates connected drives

Description Indicator Process Target

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\gay catfight sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\porn fucking big hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\german bukkake [bangbus] cock .rar.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\kicking sperm hidden glans traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\russian porn lesbian lesbian feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\canadian bukkake [bangbus] glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\InputMethod\SHARED\indian animal blowjob [milf] (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\german blowjob licking hole (Sonja,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\canadian xxx full movie mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\gang bang bukkake voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian beastiality sperm masturbation (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\italian handjob hardcore [milf] castration .rar.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\german fucking catfight glans gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\indian action horse full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\indian fetish sperm hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\italian gang bang hardcore [free] leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\brasilian porn sperm lesbian femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\german lesbian catfight titts traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\chinese blowjob hidden 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 184 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe
PID 184 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe
PID 2088 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe

"C:\Users\Admin\AppData\Local\Temp\c2e14a72f74f24fdd48c4da131da1619a8ae3965e488c511c13988bc2832e48f.exe"

Network

Country Destination Domain Proto

Files

memory/184-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian action trambling lesbian feet (Christine,Sylvia).rar.exe

MD5 ad73956a103e1ebe33c88d561b51c724
SHA1 52e1bd3c33006bdfb3282d9e13fd3d7a05b421e0
SHA256 e6bf10937ebe9a16cadf8d63f9a71916fbe6e8f5e8321f49443291afc6a9de4e
SHA512 2a9515c22a3d2918fc6491172a85fc3794d38baf155c29c63bfc708664d8d368e9682e9fea18d5d9c07e5e120f97e542b4ba9168a2a1ebf8eea935df5d356cd0

memory/2088-89-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3092-165-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4076-166-0x0000000000400000-0x000000000041E000-memory.dmp

memory/184-193-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2088-196-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3092-197-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4076-199-0x0000000000400000-0x000000000041E000-memory.dmp